Professional Education - Technology
[Update: I've an evaluating Google Buzz as a vehicle for crisis communications, such as public announcements and interaction following an information security incident.]
Public communications are an under-appreciated facet of cybersecurity. Over the years, I have increasingly emphasized public communications in my SANS LEG523 course on the law of information security (which includes e-discovery, record retention and internal investigations).
Public communications is much more than just press releases and press conferences. It embraces a wide array of
public statements related to IT security -- policies, disclaimers, web notices, contracts, network terms & conditions, blogs, filings submitted to regulators, interactions with law enforcement, breach notices to consumers, declarations made in courts of law, and much, much more.
For instance, observe how central publicity is to the pivotal IT security lawsuit PlainsCapital Bank v. Hillary Machinery.
If anything could summarize my 5-day LEG523 course, it would be this: Words count, and words need to selected carefully. The words your enterprise utters to the world can have an astonishing impact on legal liability, public reputation, regulatory compliance, the cooperation (or not) of law enforcement and so on. Silence also counts, and silence is often a bad idea.
No other training course in the world will shake up your thinking about information and computer security as much as LEG523.
I'd be happy to answer questions about the course.
Learn more and register.
--Benjamin Wright, Senior Legal Issues Instructor, SANS Institute
I think David Scott is right: Most organizations enjoy “security” largely as a matter of luck. Anyone else here reading “I.T. WARS”? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).
Posted by: Janice Gaines | February 02, 2010 at 03:30 PM